package YAVMM::Server::Auth::Plugin::LDAP;
use Moose::Role;
use MooseX::Method::Signatures;

use Authen::Simple::LDAP;

has '_section' => (
    is      => 'ro',
    default => 'auth-ldap',
);

method authenticate (Str $user, Str $pass) {
    return $self->_get_ldap->authenticate($user, $pass);
}

method _get_ldap {
    my %opts = ();
    foreach my $key qw(host basedn timeout version binddn bindpw filter scope) {
	my $val = $self->settings->get($self->_section, $key);
	$opts{$key} = $val if defined $val;
    }

    my $ldap = Authen::Simple::LDAP->new(%opts);

    return $ldap;
}

1;


__END__

=head1 NAME

YAVMM::Server::Auth::Plugin::LDAP - LDAP Authentication

=head1 CONFIGURATION

Uses the I<auth-ldap> section.

=head2 Keys

The keys match the parameters to new as defined in L<Authen::Simple::LDAP>.

=head3 host

B<Examples:>
 ldap://ldap.example.com/
 ldaps://ldap.example.com/

=head3 basedn

=head3 version

=head3 binddn

=head3 bindpw

=head3 filter

=head3 timeout

=head3 scope

=head1 SEE ALSO

L<Authen::Simple::LDAP>
